[Samba] SOLVED(I hope): Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)

Marc Muehlfeld mmuehlfeld at samba.org
Mon Jan 16 17:39:51 UTC 2017


Am 16.01.2017 um 18:07 schrieb rawi via samba:
> I discovered, that the generated smb.conf was not enough for an AD-DC.
> Despite having:
> server role = active directory domain controller
> ... the default settings for:
> domain logons = no (?)
> domain master = auto (aka equally NO)
> local master = yes
> (not specifically mentioned in the generated smb.config)
> ... where enough for Windows7 and Windows8 (?), but not for Windows XP
> After setting 
> domain master = YES 
> ... I could join the WindowsXP and login.
> I also added then (to be sure ;) domain logons = YES.
> This seems now to work. I'll test tomorrow joins with another clients.
> What remains, is the question, why a "server role = active directory domain
> controller" doesn't enable "domain logons" by default?

I cannot confirm this. I never had these settings in smb.conf files on
my DCs and XP clients ran successfully.

Additionally, the "domain logons" parameter was for Win9x clients and
the default is "off" since a very long time, not just on AD DCs. See the
smb.conf man page:
> domain logons (G)
> If set to yes, the Samba server will provide the netlogon service for
> Windows 9X network logons for the workgroup it is in. This will also
> cause the Samba server to act as a domain controller for NT4 style
> domain services. For more details on setting up this feature see the
> Domain Control chapter of the Samba HOWTO Collection.
> Default: domain logons = no

I'm a bit afraid what happens if you enable this on a Samba DC.
Let us know what it breaks. ;-)


More information about the samba mailing list